oss-sec mailing list archives
Re: CVE request: awstats
From: Josh Bressers <bressers () redhat com>
Date: Mon, 23 Nov 2009 14:30:27 -0500 (EST)
----- "Craig" <craig () haquarter de> wrote:
I think there isn't a CVE for this issues - which was fixed in 6.95 - yet (quote from http://awstats.sourceforge.net/docs/awstats_changelog.txt): - Fix security in awredir.pl script by adding a security key required by default. - Enhance security of parameter sanitizing function
I'm adding AWStats upstream to this reply. Can someone elaborate on those fixes? Are they security flaws, or just proactive security measures. If they're flaws that need CVE ids, I presume upstream will add them to their security page: http://awstats.sourceforge.net/awstats_security_news.php Thanks. -- JB
Current thread:
- CVE request: awstats Craig (Nov 21)
- Re: CVE request: awstats Josh Bressers (Nov 23)